Blame SPECS/sscg.spec

29af2c
%global provider        github
29af2c
%global provider_tld    com
29af2c
%global project sgallagher
29af2c
%global repo sscg
29af2c
# https://github.com/sgallagher/sscg
29af2c
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
29af2c
%global import_path     %{provider_prefix}
29af2c
29af2c
29af2c
Name:           sscg
731278
Version:        3.0.0
813ad5
Release:        7%{?dist}
29af2c
Summary:        Simple SSL certificate generator
29af2c
731278
License:        GPLv3+ with exceptions
29af2c
URL:            https://%{provider_prefix}
731278
Source0:        https://%{provider_prefix}/releases/download/%{repo}-%{version}/%{repo}-%{version}.tar.xz
29af2c
29af2c
BuildRequires:  gcc
29af2c
BuildRequires:  libtalloc-devel
29af2c
BuildRequires:  openssl-devel
29af2c
BuildRequires:  popt-devel
29af2c
BuildRequires:  libpath_utils-devel
29af2c
BuildRequires:  meson
29af2c
BuildRequires:  ninja-build
29af2c
BuildRequires:  help2man
29af2c
3415ba
731278
Patch0001: 0001-Drop-usage-of-ERR_GET_FUNC.patch
731278
Patch0002: 0002-Correct-certificate-lifetime-calculation.patch
731278
Patch0003: 0003-Truncate-IP-address-in-SAN.patch
813ad5
Patch0004: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
3415ba
3415ba
29af2c
%description
29af2c
A utility to aid in the creation of more secure "self-signed"
29af2c
certificates. The certificates created by this tool are generated in a
29af2c
way so as to create a CA certificate that can be safely imported into a
29af2c
client machine to trust the service certificate without needing to set
29af2c
up a full PKI environment and without exposing the machine to a risk of
29af2c
false signatures from the service certificate.
29af2c
29af2c
%prep
29af2c
%autosetup -p1
29af2c
29af2c
29af2c
%build
29af2c
%meson
29af2c
%meson_build
29af2c
29af2c
%install
29af2c
%meson_install
29af2c
29af2c
%check
731278
%meson_test -t 10
29af2c
29af2c
%files
29af2c
%license COPYING
29af2c
%doc README.md
29af2c
%{_bindir}/%{name}
29af2c
%{_mandir}/man8/%{name}.8*
29af2c
29af2c
%changelog
813ad5
* Thu Dec 08 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-7
813ad5
- Correctly apply the patch for default dhparams
813ad5
- Resolves: rhbz#2143206
813ad5
813ad5
* Mon Nov 28 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
813ad5
- Don't fail if default dhparams file can't be created
813ad5
- Resolves: rhbz#2143206
813ad5
731278
* Thu Jul 14 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
731278
- Rebase to sscg 3.0.0
731278
- Resolves: rhbz#2107369
731278
- Resolves: rhbz#2091525
731278
731278
* Thu Jun 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-15
731278
- Fix certificate lifetime calculation
731278
- Resolves: rhbz#2091525
731278
3415ba
* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-14
3415ba
- Properly handling reading long passphrase files.
3415ba
3415ba
* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-13
3415ba
- Fix missing error check for --*-key-passfile
3415ba
3415ba
* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-12
3415ba
- Improve validation of command-line arguments
3415ba
- Resolves: rhbz#1784441
3415ba
- Resolves: rhbz#1784443
3415ba
3415ba
* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-11
3415ba
- Further improve --client-key-file help message
3415ba
- Resolves: rhbz#1720667
3415ba
3415ba
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-10
3415ba
- Fix incorrect help message
3415ba
- Resolves: rhbz#1720667
3415ba
3415ba
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-9
3415ba
- Fix null-dereference and memory leak issues with client certs
3415ba
- Resolves: rhbz#1720667
3415ba
3415ba
* Wed Dec 11 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-8
3415ba
- Add support for generating client authentication certificates
3415ba
- Resolves: rhbz#1720667
3415ba
3415ba
* Fri Nov 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-7
3415ba
- Add support for password-protecting the private key files
3415ba
- Resolves: rhbz#1717880
3415ba
29af2c
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-6
29af2c
- Fixes for issues detected by automated testing.
29af2c
- Resolves: rhbz#1653323
29af2c
29af2c
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-5
29af2c
- Autodetect the minimum key strength from the system security level.
29af2c
- Autodetect the hash algorithm to use from the system security level.
29af2c
- Disallow setting a key strength below the system minimum.
29af2c
- Resolves: rhbz#1653323
29af2c
29af2c
* Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
29af2c
- Add a manpage for sscg.
29af2c
29af2c
* Thu Jul 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-3
29af2c
- Strip out bundled popt since RHEL 8 has a new-enough version.
29af2c
29af2c
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
29af2c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
29af2c
29af2c
* Fri Feb 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-1
29af2c
- Update to 2.3.3
29af2c
- Do not overwrite destination files without --force
29af2c
29af2c
* Thu Jan 25 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.2-1
29af2c
- Update to 2.3.2
29af2c
- Properly support hostnames up to 64 characters
29af2c
- Resolves: rhbz#1535537
29af2c
29af2c
* Tue Jan 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.1-2
29af2c
- Skip tests on 32-bit ARM for now
29af2c
29af2c
* Tue Jan 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.1-1
29af2c
- Update to 2.3.1
29af2c
- Bundle popt 1.16 on older releases like EPEL.
29af2c
29af2c
* Mon Dec 18 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.3.0-1
29af2c
- Update to 2.3.0
29af2c
- Switch to meson build system
29af2c
- Add support for non-DNS subjectAlternativeName values (issue #4)
29af2c
29af2c
* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.2.0-1
29af2c
- Reorder combined PEM file
29af2c
- Resolves: RHBZ#1494208
29af2c
29af2c
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.1.0-1
29af2c
- Add --email argument for setting emailAddress in the issuer
29af2c
29af2c
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-4
29af2c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
29af2c
29af2c
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-3
29af2c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
29af2c
29af2c
* Mon Apr 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.4-2
29af2c
- Bump release to perform taskotron tests
29af2c
29af2c
* Tue Mar 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.4-1
29af2c
- Update to 2.0.4
29af2c
- Addresses a potential race-condition when the key and certificate share the
29af2c
  same file.
29af2c
29af2c
* Wed Mar 08 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.3-1
29af2c
- Update to 2.0.3
29af2c
- Adds support for setting the file mode on the output certificates
29af2c
  and keys.
29af2c
29af2c
* Fri Mar 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.2-1
29af2c
- Update to 2.0.2
29af2c
- Always run with umask(077)
29af2c
29af2c
* Fri Mar 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.1-1
29af2c
- Update to 2.0.1
29af2c
- Fix an issue with passing certificate lifetime explicitly
29af2c
29af2c
* Thu Feb 16 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.0-1
29af2c
- Update to 2.0.0
29af2c
29af2c
* Thu Feb 16 2017 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-6
29af2c
- Exclude PPC64 from the build since it doesn't support linking to OpenSSL
29af2c
29af2c
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-5
29af2c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
29af2c
29af2c
* Wed Nov 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-4
29af2c
- Use compat-openssl10-devel on F26+
29af2c
29af2c
* Thu Jul 21 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-3
29af2c
- https://fedoraproject.org/wiki/Changes/golang1.7
29af2c
29af2c
* Tue May 31 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
29af2c
- Debundle spacelog
29af2c
29af2c
* Wed May 25 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1
29af2c
- Update to 1.1.0
29af2c
- Add support for signing service keys with an existing CA
29af2c
29af2c
* Wed May 25 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
29af2c
- Add support for exporting the CA private key
29af2c
- Fix incorrect output from -version
29af2c
- Add README.md
29af2c
29af2c
* Tue May 24 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
29af2c
- Only sign certificates after all extensions have been added
29af2c
29af2c
* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
29af2c
- Generate x509v3 certificates
29af2c
29af2c
* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
29af2c
- Fix issue with temporary file creation
29af2c
29af2c
* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
29af2c
- New upstream release 1.0.0
29af2c
- Rewritten in Go
29af2c
- Runtime depends only on OpenSSL, no more Python
29af2c
- Support for writing certificate and key in a single file
29af2c
29af2c
* Wed May 18 2016 Stephen Gallagher <sgallagh@redhat.com> - 0.4.1-4
29af2c
- Add requirement on python-setuptools
29af2c
29af2c
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-3
29af2c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
29af2c
29af2c
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-2
29af2c
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
29af2c
29af2c
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-1
29af2c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
29af2c
29af2c
* Mon Mar 30 2015 Stephen Gallagher <sgallagh@redhat.com> 0.4.1-1
29af2c
- Change default CA location to match service certificate
29af2c
- Improve error handling
29af2c
29af2c
* Tue Mar 24 2015 Stephen Gallagher <sgallagh@redhat.com> 0.4.0-1
29af2c
- Spec file cleanups
29af2c
- PEP8 Cleanups
29af2c
- Make location arguments optional
29af2c
29af2c
* Mon Mar 23 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.0-1
29af2c
- Rename to sscg
29af2c
- Only build with default python interpreter
29af2c
29af2c
* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2.1-1
29af2c
- Include the LICENSE file in the tarball
29af2c
29af2c
* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2-2
29af2c
- Include the license in the build RPMs
29af2c
29af2c
* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2-1
29af2c
- Add support for namedConstraints
29af2c
- Add support for subjectAltNames
29af2c
- Fix packaging issues from Fedora package review
29af2c
29af2c
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-2
29af2c
- Update BuildRequires
29af2c
29af2c
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
29af2c
- First packaging